chore(appsec): update default waf rules version

[florentinl]

Description

Update default WAF rules from v1.14.2 to v1.16.1

Testing

Risks

Additional Notes

[cit-pr-commenter-54b7da]

Codeowners resolved as

ddtrace/appsec/rules.json                                               @DataDog/asm-python
tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_body_no_collection_snapshot.json  @DataDog/asm-python
tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_cookies_no_collection_snapshot.json  @DataDog/asm-python
tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_span_tags_snapshot.json  @DataDog/asm-python
tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_appsec_enabled.json  @DataDog/asm-python
tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_appsec_enabled_attack.json  @DataDog/asm-python

[pr-commenter]

Performance SLOs

Comparing candidate florentin.labelle/update-waf-rules (f764c00) with baseline main (99055a1)

📈 Performance Regressions (1 suite)

📈 iastaspectsospath - 24/24

✅ ospathbasename_aspect

Time: ✅ 509.804µs (SLO: <700.000µs 📉 -27.2%) vs baseline: 📈 +21.0%

Memory: ✅ 42.625MB (SLO: <46.000MB -7.3%) vs baseline: +4.8%

---

✅ ospathbasename_noaspect

Time: ✅ 434.226µs (SLO: <700.000µs 📉 -38.0%) vs baseline: +0.3%

Memory: ✅ 42.684MB (SLO: <46.000MB -7.2%) vs baseline: +5.1%

---

✅ ospathjoin_aspect

Time: ✅ 625.866µs (SLO: <700.000µs 📉 -10.6%) vs baseline: -0.5%

Memory: ✅ 42.703MB (SLO: <46.000MB -7.2%) vs baseline: +5.4%

---

✅ ospathjoin_noaspect

Time: ✅ 629.565µs (SLO: <700.000µs 📉 -10.1%) vs baseline: -0.5%

Memory: ✅ 42.664MB (SLO: <46.000MB -7.3%) vs baseline: +5.3%

---

✅ ospathnormcase_aspect

Time: ✅ 347.470µs (SLO: <700.000µs 📉 -50.4%) vs baseline: -0.3%

Memory: ✅ 42.644MB (SLO: <46.000MB -7.3%) vs baseline: +5.1%

---

✅ ospathnormcase_noaspect

Time: ✅ 356.477µs (SLO: <700.000µs 📉 -49.1%) vs baseline: -0.3%

Memory: ✅ 42.585MB (SLO: <46.000MB -7.4%) vs baseline: +4.7%

---

✅ ospathsplit_aspect

Time: ✅ 489.773µs (SLO: <700.000µs 📉 -30.0%) vs baseline: -0.3%

Memory: ✅ 42.546MB (SLO: <46.000MB -7.5%) vs baseline: +4.7%

---

✅ ospathsplit_noaspect

Time: ✅ 501.497µs (SLO: <700.000µs 📉 -28.4%) vs baseline: ~same

Memory: ✅ 42.644MB (SLO: <46.000MB -7.3%) vs baseline: +4.9%

---

✅ ospathsplitdrive_aspect

Time: ✅ 372.465µs (SLO: <700.000µs 📉 -46.8%) vs baseline: -0.8%

Memory: ✅ 42.507MB (SLO: <46.000MB -7.6%) vs baseline: +4.6%

---

✅ ospathsplitdrive_noaspect

Time: ✅ 73.437µs (SLO: <700.000µs 📉 -89.5%) vs baseline: -0.2%

Memory: ✅ 42.605MB (SLO: <46.000MB -7.4%) vs baseline: +4.9%

---

✅ ospathsplitext_aspect

Time: ✅ 456.479µs (SLO: <700.000µs 📉 -34.8%) vs baseline: -0.6%

Memory: ✅ 42.546MB (SLO: <46.000MB -7.5%) vs baseline: +4.8%

---

✅ ospathsplitext_noaspect

Time: ✅ 460.672µs (SLO: <700.000µs 📉 -34.2%) vs baseline: -0.8%

Memory: ✅ 42.585MB (SLO: <46.000MB -7.4%) vs baseline: +5.1%

✅ All Tests Passing (2 suites)

✅ iastaspectssplit - 12/12

✅ rsplit_aspect

Time: ✅ 156.422µs (SLO: <250.000µs 📉 -37.4%) vs baseline: +4.3%

Memory: ✅ 42.605MB (SLO: <46.000MB -7.4%) vs baseline: +4.2%

---

✅ rsplit_noaspect

Time: ✅ 157.138µs (SLO: <250.000µs 📉 -37.1%) vs baseline: -0.6%

Memory: ✅ 42.566MB (SLO: <46.000MB -7.5%) vs baseline: +4.9%

---

✅ split_aspect

Time: ✅ 149.307µs (SLO: <250.000µs 📉 -40.3%) vs baseline: ~same

Memory: ✅ 42.644MB (SLO: <46.000MB -7.3%) vs baseline: +5.2%

---

✅ split_noaspect

Time: ✅ 154.929µs (SLO: <250.000µs 📉 -38.0%) vs baseline: -0.2%

Memory: ✅ 42.644MB (SLO: <46.000MB -7.3%) vs baseline: +4.8%

---

✅ splitlines_aspect

Time: ✅ 144.382µs (SLO: <250.000µs 📉 -42.2%) vs baseline: -1.7%

Memory: ✅ 42.802MB (SLO: <46.000MB -7.0%) vs baseline: +5.1%

---

✅ splitlines_noaspect

Time: ✅ 151.924µs (SLO: <250.000µs 📉 -39.2%) vs baseline: +1.9%

Memory: ✅ 42.605MB (SLO: <46.000MB -7.4%) vs baseline: +5.0%

---

✅ iastpropagation - 8/8

✅ no-propagation

Time: ✅ 48.041µs (SLO: <60.000µs 📉 -19.9%) vs baseline: -0.7%

Memory: ✅ 38.968MB (SLO: <42.000MB -7.2%) vs baseline: +4.7%

---

✅ propagation_enabled

Time: ✅ 135.240µs (SLO: <190.000µs 📉 -28.8%) vs baseline: ~same

Memory: ✅ 39.027MB (SLO: <42.000MB -7.1%) vs baseline: +4.9%

---

✅ propagation_enabled_100

Time: ✅ 1.557ms (SLO: <2.300ms 📉 -32.3%) vs baseline: +0.9%

Memory: ✅ 38.889MB (SLO: <42.000MB -7.4%) vs baseline: +4.5%

---

✅ propagation_enabled_1000

Time: ✅ 28.893ms (SLO: <34.550ms 📉 -16.4%) vs baseline: -0.2%

Memory: ✅ 38.968MB (SLO: <42.000MB -7.2%) vs baseline: +4.6%

ℹ️ Scenarios Missing SLO Configuration (20 scenarios)

The following scenarios exist in candidate data but have no SLO thresholds configured:

• iast_aspects-re_expand_aspect
• iast_aspects-re_expand_noaspect
• iast_aspects-re_findall_aspect
• iast_aspects-re_findall_noaspect
• iast_aspects-re_finditer_aspect
• iast_aspects-re_finditer_noaspect
• iast_aspects-re_fullmatch_aspect
• iast_aspects-re_fullmatch_noaspect
• iast_aspects-re_group_aspect
• iast_aspects-re_group_noaspect
• iast_aspects-re_groups_aspect
• iast_aspects-re_groups_noaspect
• iast_aspects-re_match_aspect
• iast_aspects-re_match_noaspect
• iast_aspects-re_search_aspect
• iast_aspects-re_search_noaspect
• iast_aspects-re_sub_aspect
• iast_aspects-re_sub_noaspect
• iast_aspects-re_subn_aspect
• iast_aspects-re_subn_noaspect